[pkix] [Errata Held for Document Update] RFC6844 (5097)

RFC Errata System <rfc-editor@rfc-editor.org> Fri, 30 November 2018 19:41 UTC

To: agwa@andrewayer.name, philliph@comodo.com, rob.stradling@comodo.com
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: ekr@rtfm.com, iesg@ietf.org, pkix@ietf.org, rfc-editor@rfc-editor.org
Date: Fri, 30 Nov 2018 11:41:02 -0800 (PST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/JZbYiWVf16ZqIL03ywrED3PZAdU>

The following errata report has been held for document update 
for RFC6844, "DNS Certification Authority Authorization (CAA) Resource Record". 

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5097

--------------------------------------
Status: Held for Document Update
Type: Technical

Reported by: Andrew Ayer <agwa@andrewayer.name>
Date Reported: 2017-08-25
Held by: EKR (IESG)

Section: 4

Original Text
-------------
Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above
X in the DNS hierarchy, and A(X) be the target of a CNAME or DNAME
alias record specified at the label X.

Corrected Text
--------------
Let CAA(X) be the record set returned in response to performing a CAA
record query on the label X, P(X) be the DNS label immediately above
X in the DNS hierarchy, and A(X) be the target of a CNAME
alias record specified at the label X.

Notes
-----
As currently worded, section 4 tells the CA to look up a DNAME record specified *at* the label X, and if one is found, look up a CAA record at the DNAME's target. This is contrary to the behavior of DNAME as specified in RFC 6672, which is to redirect names subordinate to the DNAME but not the DNAME itself.

Since DNAMEs cause CNAMEs to be synthesized for subordinate names, there is no need for implementers of CAA to care about the presence of DNAMEs at all, so this erratum simply removes any mention of DNAME.

--------------------------------------
RFC6844 (draft-ietf-pkix-caa-15)
--------------------------------------
Title               : DNS Certification Authority Authorization (CAA) Resource Record
Publication Date    : January 2013
Author(s)           : P. Hallam-Baker, R. Stradling
Category            : PROPOSED STANDARD
Source              : Public-Key Infrastructure (X.509)
Area                : Security
Stream              : IETF
Verifying Party     : IESG
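
An added example, not part of the erratum or of RFC 6844: a Python model of the section 4 search R(X) over constructed zone data, showing that a DNAME at X does not alias X itself, while names below it are reached through the synthesized CNAME. The zone contents, function names and the alias-hop limit are assumptions; the search order follows RFC 6844 section 4 as originally published, with DNAME dropped from A(X).

```python
# Constructed zone data (illustrative names): owner name -> {RR type: value}.
ZONE = {
    "example.com": {"CAA": ['0 issue "ca-one.example"']},
    "legacy.example.com": {"DNAME": "new.example.net"},
    "example.net": {"CAA": ['0 issue "ca-two.example"']},
}
MAX_ALIAS_HOPS = 8  # assumed limit so alias loops terminate


def parent(name):
    """P(X): the name immediately above X, or None once X is a top-level domain."""
    return name.split(".", 1)[1] if "." in name else None


def synthesized_cname(name):
    """RFC 6672: a DNAME rewrites names strictly below its owner, never the owner."""
    ancestor = parent(name)
    while ancestor:
        target = ZONE.get(ancestor, {}).get("DNAME")
        if target:
            return name[: -len(ancestor)] + target  # swap the matched suffix
        ancestor = parent(ancestor)
    return None


def alias(name):
    """A(X): CNAME target at X, explicit or synthesized from a DNAME above X."""
    return ZONE.get(name, {}).get("CNAME") or synthesized_cname(name)


def relevant_caa(name, hops=0):
    """R(X): CAA(X), else R(A(X)), else R(P(X)), else empty."""
    records = ZONE.get(name, {}).get("CAA", [])
    if records:
        return records
    target = alias(name)
    if target and hops < MAX_ALIAS_HOPS:
        records = relevant_caa(target, hops + 1)
        if records:
            return records
    up = parent(name)
    return relevant_caa(up, hops) if up else []


if __name__ == "__main__":
    for host in ("www.example.com", "legacy.example.com", "shop.legacy.example.com"):
        print(host, "->", relevant_caa(host))
```

The DNAME owner `legacy.example.com` falls through to its parent's CAA set, while `shop.legacy.example.com` picks up the CAA set found by climbing from the DNAME target.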